New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[dev.icinga.com #8315] Use Icinga 2 API to expand commands #1344
Comments
Updated by gbeutner on 2015-01-30 08:56:20 +00:00 FWIW Icinga 2 has all the information we'd need for this (that is, our internal CheckResult object has a copy of the exact command we executed). Last time we proposed exporting this in the IDO there were some concerns about security (i.e. because the commands might contain passwords...). |
Updated by tgelf on 2015-02-02 22:49:58 +00:00 One of the major differences between 1.x and 2.x is, that in 1.x given command params are exported in the icinga_host/servicestatus table. It's essential to be able to distinct between command structure and command params to be able to show them in a safe and secure way. We are currently doing a bad job when it goes to resolve commands for 1.x and 2.x. We have everything we need for 1.x in the IDO (all but USERx, they are available only when parsing resource.cfg), but we miss one part from 2.x. Command parameters are available, but the command structure is afaik incomplete. Simple command definitions like [ "check_tcp", ..., "-p", "$tcp_port$" ] are available, extended argument definitions are not. Access to them would allow us to resolve the command and to decide which parameters (e.g. db password, community strings) to hide from non-privileged users. While still strongly opting against an exported "resolved string" I guess this issue can be fixed once the "full" command definition will find it's way to the IDO. And as soon as we find some time to implement it, of course ;-) Cheers, |
Updated by mfriedrich on 2015-02-18 12:07:08 +00:00 Imho it's not reasonable to calculate the executed command from ingredients dumped into a backend. That works well with Classic UI since it uses the same shared code base as the core does. Furthermore Icinga 1.x is simple and stupid using a command line with only macros being replaced compared to Icinga 2.x with command arguments and functions. Still - both cores share the same problem with runtime value access, be it runtime macros or function calls. I had the executed command line implemented in Icinga Core 1.x a while ago in #3810 but had to revert that patch due to security concerns. Apart from that you wouldn't be able to support the entire set of an expanded command from the web interface. To be able to do that you would need to understand the configuration (sub)set of each core, have all the object and status information available. In the end you wouldn't be able to implement 100% of the available possibilities. Since we have the command line with Icinga 1.x and 2.x it would be more reasonable to have access to the executed command in the available backends. Apart from that I could imagine an on-demand command simulator from an api call in the future, but that's to-be-discussed. Btw - if the upcoming config tool is that good, no-one will need a command expander imho. |
Updated by elippmann on 2015-03-31 14:20:23 +00:00
|
Updated by elippmann on 2015-03-31 14:21:32 +00:00
|
Updated by purplecarrot on 2015-04-05 12:33:47 +00:00 I don't know all the ins and outs of how the Web UI works but I think It would be really useful if it could just show the last executed command. |
Updated by elippmann on 2016-03-09 09:10:38 +00:00
|
Updated by elippmann on 2016-03-09 09:11:18 +00:00
|
Updated by elippmann on 2016-09-05 06:10:39 +00:00
|
Updated by elippmann on 2016-09-05 06:12:36 +00:00
|
Updated by fred9176 on 2016-09-22 12:53:19 +00:00 +1 |
Updated by thebigfoot on 2016-09-22 13:57:43 +00:00 +1 |
Updated by invidian1 on 2016-12-07 12:35:51 +00:00 +1 |
This requires certain changes.
In the meantime you can use the REST API curl requests and the icinga2 console to extract the executed command line. This is described inside the docs. |
Is anyone willing to work on this? It'd be extremely helpful to be able to easily copy & paste commands as it was possible before. |
I've build a simple bash script for this: response=$(curl "https://icinga2-master.example.org:5665/v1/objects/services/${host_name}!${service_name}" \
--insecure --silent \
--user "${user}:${password}" \
--header "Accept: application/json" \
--request GET)
echo $response | jq -r '.results[0].attrs.last_check_result.command' Perhaps this helps for the implementation. |
As mentioned before, this requires the REST API resource being available with #3035 |
In case you're using the Icinga Director, it hooks into the monitoring module and provides command expansion as follows: This also works fine for objects not created by the Director. Using the Director is no requirement for this, but you need to enable it and to go once through the initial Connection setup/kickstart wizard. Inspected objects might contain sensitive information, so this feature is available only to users which have been granted the Cheers, |
This issue is kind of overrun by time. Icinga DB and the new monitoring module will provide this information. Further, there is the Director with its inspect functionality |
This issue has been migrated from Redmine: https://dev.icinga.com/issues/8315
Created by bsheqa on 2015-01-29 15:29:40 +00:00
Assignee: (none)
Status: New
Target Version: Backlog
Last Update: 2016-12-07 12:35:51 +00:00 (in Redmine)
As the configuration of icinga2 is getting more and more complicated, it would be nice to see the resulting command of a service in the webinterface. This feature was available in icnga-classicui, but only works for icinga1.x
Relations:
The text was updated successfully, but these errors were encountered: